CCAVENUE DENIES HACK CLAIM
We would like to bring to your notice that today, an unknown hacker claimed to have hacked the CCAvenue database by exploiting "SQL injection vulnerability". This claim is patently false and we strongly deny it.

Based on the investigations done by our security officials, we confirm that no hack has happened of our servers at 15:15 hours on 04th May 2011 as claimed by the unknown hacker. We also confirm that the screenshot shown by the unknown hacker to prove his claim of the hack has clear inconsistencies in the information.

Firstly, the information shown is not of our live database as the Apache Version on our live server is 2.2.17 and not 2.2.14 as claimed by the hacker. This update happened over 5 months ago. Secondly, we also confirm that all the passwords of our merchants and all login credentials in our live database are encrypted and stored in our database and not in text format as claimed by the hacker. The information shown in the screenshot is merely the employee list. Thirdly, the hacker’s claim of gaining access to sensitive data is not only patently false but extremely mischievous as we don't store credit card details or net banking account details on our servers."

All the facts given above clearly substantiate our contention that the database is safe. CCAvenue has worked hard to build a strong reputation by putting in the best work practices for over 10 years. We reiterate that CCAvenue is extremely cautious about the data security of its merchants, their clients and its associates. We have consistently been at the cutting edge of technology when it comes to adhering to security processes and we are adhering to the Payment Card Industry Data Security Standards. We are confident that the facts mentioned above should be enough to settle the issue of the `claimed’ vulnerability of CCAvenue. We have always put our merchants’ interest first and have worked hard to ensure that their precious data is safe.